Back

Configuring ADFS Servers for Auditing User Logon Events

Below is the information needed for auditing success and failure logon events in an ADFS Server Farm Check out our Identity Cloud Solutionsservi...

2 min read
Published on Mar 5, 2013
configuring-adfs-servers-for-success-and-failure-auditing-of-user-logon-events

Below is the information needed for auditing success and failure logon events in an ADFS Server Farm (Check out our Identity Cloud Solutions for additional consulting help)

Configure ADFS Event Logging

You can configure event logging on federation servers, federation server proxies, and Web servers. ADFS events are logged in the Application event log and the Security event log.

Configure ADFS Event Logging - 1

Configure ADFS Event Logging - 2

Configure ADFS Event Logging - 3Important

You must turn on audit object access at each of the federation servers, for ADFS-related audits to appear in the Security log. This will allow the Federation Service to log either success or failure errors. For more information about how to turn on audit object access, see Audit object access (https://go.microsoft.com/fwlink/?LinkId=62686).

Default Events for Claims-aware Applications on a Web Server

You will notice the following event if the ADFS Web server is able to retrieve ADFS trust information successfully from the Federation Service.

Event Type:Information
Event Source:ADFS
Event Category:None
Event ID:621
Date:11/10/2005
Time:4:09:26 PM
User:N/A
Computer:ADFSWEB
Description:
The ADFS Web Agent for claims-aware applications successfully retrieved trust information from the Federation Service.
GUID: d977fee6-175b-4532-bc24-5ac54d137d57
Version: 17
Federation Service Uniform Resource Locator (URL): https://adfsresource.treyresearch.net/adfs/fs/federationserverservice.asmx
Federation Service Uniform Resource Identifier (URI): urn:federation:treyresearch
Federation Service Endpoint URL: https://adfsresource.treyresearch.net/adfs/ls/
Federation Service Domain Account: TREYRESEARCH0ADFSRESOURCE$

You will also see the following event below in the Security log.

Event Type:Success Audit
Event Source:ADFS ASP.NET Module Auditor
Event Category:Object Access
Event ID:560
Date:11/10/2005
Time:4:10:11 PM
User:NT AUTHORITYNETWORK SERVICE
Computer:ADFSWEB
Description:
The client presented a valid inbound token as evidence.
Token ID: _ad5a3694-860d-4063-95a3-3b0163fad3ca
Identity: adamcar@adatum.com

Read more https://technet.microsoft.com/en-us/library/cc738766(v=WS.10).aspx Please check us out for your Managed Service or Cloud Consulting needs.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

DFARS Compliance in Office 365

DFARS Compliance in Office 365

Learn how Microsoft Office 365 GCC High and Azure Government help DOD contractors meet DFARS compliance. Discover the steps to protect CUI and ensure regulatory compliance with Agile IT's expertise.

Feb 13, 2025
7 min read
Understanding DFARS Compliance

DFARS Compliance: A Guide to Federal Cybersecurity Requirements

Learn about DFARS compliance and how it ensures the security of federal data. Explore key requirements, NIST 800-171 alignment, and tips for achieving compliance.

Feb 3, 2025
7 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

Master Microsoft & CIS Benchmark Best Practices to Secure Your Environment

Discover how to implement Microsoft & CIS Benchmark best practices to strengthen your business security and protect your environment from evolving threats with expert guidance.

Jan 28, 2025
7 min read
Screen Capture Protection in Windows 365

How to Enable Screen Capture Protection in Windows 365 for Enhanced Security

Learn how to enable and use screen capture protection in Windows 365 to secure sensitive information and prevent unauthorized captures, enhancing your organization's data security.

Jan 21, 2025
7 min read
Office 365 Collaboration Tools

Office 365 Collaboration Tools: Are They Right for Your Organization?

Explore how Office 365's collaboration tools can enhance your organization's productivity and security.

Jan 12, 2025
6 min read
NIST 800 171 vs NIST 800 53

NSA Cybersecurity Collaboration: No-Cost Services Available to DoD Contractors

Learn how NSA cybersecurity collaboration provides no-cost services to DoD contractors, helping enhance security and compliance with advanced cyber protections.

Jan 10, 2025
6 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation